CVE-2023-3959
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
08/11/2023
Last modified:
02/08/2024
Description
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,<br />
CB6231, B8520, B8220, and CD321 <br />
<br />
IP Cameras<br />
<br />
with firmware version M2.1.6.05 are <br />
vulnerable to multiple instances of stack-based overflows. While <br />
processing XML elements from incoming network requests, the product does<br />
not sufficiently check or validate allocated buffer size. This may lead<br />
to remote code execution.<br />
<br />
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page